author | Ian Eure <ian@retrospec.tv> | 2025-05-15 07:16:00 -0700 |
---|---|---|
committer | Ian Eure <ian@retrospec.tv> | 2025-05-17 19:47:57 -0700 |
commit | f718e0e5e0c137ca5441de13ea56866d045c983e (patch) | |
tree | 5b84314e13031051b31dc1814f0c2530f49ec6e1 | |
parent | 71da0b37ab97c1b6bd6bf8fde9b155b6ee024c1c (diff) | |
download | guix-f718e0e5e0c137ca5441de13ea56866d045c983e.tar.gz guix-f718e0e5e0c137ca5441de13ea56866d045c983e.zip |
gnu: librewolf: Update to 138.0.3-1 [security fixes].
Contains fixes for:
CVE-2025-2817: Privilege escalation in Firefox Updater
CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for
macOS
CVE-2025-4083: Process isolation bypass using "javascript:" URI links
in cross-origin frames
CVE-2025-4085: Potential information leakage and privilege escalation
in UITour actor
CVE-2025-4086: Specially crafted filename could be used to obscure
download type
CVE-2025-4087: Unsafe attribute access during XPath parsing
CVE-2025-4088: Cross-site request forgery via storage access API
redirects
CVE-2025-4089: Potential local code execution in "copy as cURL"
command
CVE-2025-4090: Leaked library paths in Firefox for Android
CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird
138, Firefox ESR 128.10, and Thunderbird 128.10
CVE-2025-4092: Memory safety bugs fixed in Firefox 138 and Thunderbird
138
* gnu/packages/librewolf.scm (librewolf): Update to 138.0.3-1.
* gnu/packages/patches/librewolf-compare-paths.patch: New file.
Change-Id: I2cc11b758dbc77f7ec3451faa89918b08c890729
-rw-r--r-- | gnu/packages/librewolf.scm | 14 | ||||
-rw-r--r-- | gnu/packages/patches/librewolf-compare-paths.patch | 15 |
2 files changed, 22 insertions, 7 deletions
diff --git a/gnu/packages/librewolf.scm b/gnu/packages/librewolf.scm index bcacbf8dd1..063a89420f 100644 --- a/gnu/packages/librewolf.scm +++ b/gnu/packages/librewolf.scm @@ -191,7 +191,7 @@ #$output))))) (patches (search-patches - "torbrowser-compare-paths.patch" + "librewolf-compare-paths.patch" "librewolf-use-system-wide-dir.patch" "librewolf-add-store-to-rdd-allowlist.patch"))))) @@ -207,17 +207,17 @@ ;; Update this id with every update to its release date. ;; It's used for cache validation and therefore can lead to strange bugs. ;; ex: date '+%Y%m%d%H%M%S' -(define %librewolf-build-id "20250416062358") +(define %librewolf-build-id "20250502155055") (define-public librewolf (package (name "librewolf") - (version "137.0.2-1") + (version "138.0.3-1") (source (make-librewolf-source #:version version - #:firefox-hash "01yd5cq6qgww6w2kq1bchy9j81blim15kdz7bvx8n512m2x3mz06" - #:librewolf-hash "0vy1xvjwgc4vd9q3laakx6lrsy4ghpdr98vm9lmx86amg9gak5ix" + #:firefox-hash "1r0kam26cz5rz39n6zcc2hrbav6dxlfrsa0qhhfjlnv33ns3lzx2" + #:librewolf-hash "1bf9sa5radjr7g6ng7kqy2ss13c0q6vkq9dfzj5y998ifxw19s4c" #:l10n firefox-l10n)) (build-system gnu-build-system) (arguments @@ -639,7 +639,7 @@ libxt mesa mit-krb5 - nspr + nspr-4.36 nss-rapid pango pciutils @@ -665,7 +665,7 @@ pkg-config python rust-librewolf - rust-cbindgen-0.26 + rust-cbindgen-0.28 which yasm)) (native-search-paths diff --git a/gnu/packages/patches/librewolf-compare-paths.patch b/gnu/packages/patches/librewolf-compare-paths.patch new file mode 100644 index 0000000000..8e880bf390 --- /dev/null +++ b/gnu/packages/patches/librewolf-compare-paths.patch 
@@ -0,0 +1,15 @@
+See comment in gnu/build/icecat-extension.scm.
+This is only needed while icecat and torbrowser remain on
+different ESR versions as the patched file has changed its
+name.
+
+--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
++++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+@@ -3753,6 +3753,7 @@
+ if (
+ newAddon ||
+ oldAddon.updateDate != xpiState.mtime ||
++ oldAddon.path != xpiState.path ||
+ (aUpdateCompatibility && this.isAppBundledLocation(installLocation)) ||
+ // update addon metadata if the addon in bundled into
+ // the omni jar and version or the resource URI pointing |
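Review bot: The header of the new librewolf-compare-paths.patch appears to be carried over from the Tor Browser patch it replaces: it still says the patch is needed "while icecat and torbrowser remain on different ESR versions", which does not say why LibreWolf needs its own copy or when that copy can be dropped. A header written for this package would help the next person doing a security update, for example `Needed while librewolf's XPIDatabase.sys.mjs no longer matches the context of torbrowser-compare-paths.patch; see gnu/build/icecat-extension.scm.` (the reason is inferred from the patch swap in librewolf.scm and should be confirmed). The added `oldAddon.path != xpiState.path` condition sits inside an `if` that begins and ends outside the embedded hunk, so its effect on when add-on metadata is re-read has to be checked against the full file each time the context around line 3753 shifts in a new Firefox release.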